Viewing: session.php
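<?php

/**
 * Static helpers built on the native PHP session: session start-up and ID
 * rotation, authentication gates, one-shot flash messages and a CSRF token.
 *
 * Authentication state is read from $_SESSION['user_id'] / $_SESSION['client_id'];
 * the role checked by requireAuthenticated() comes from $_SESSION['user_rol'].
 * Whatever writes those keys (the login code) is outside this file.
 */
class SessionManager
{
    private const FLASH_KEY = '_flash_messages';
    private const CSRF_KEY = '_csrf_token';
    private const CSRF_TIME_KEY = '_csrf_token_time';

    /** Lifetime of a CSRF token in seconds, shared by generation and validation. */
    private const CSRF_TTL = 1800;

    /** Minimum number of seconds between two session-ID rotations. */
    private const REGENERATE_INTERVAL = 300;

    /**
     * Resolve the URL prefix under which the application is served.
     *
     * The CYNE_BASE_PATH environment variable wins when it is set and non-empty.
     * Otherwise the prefix is the project root (parent of this directory)
     * expressed relative to DOCUMENT_ROOT, or '' when the project root is not
     * inside the document root. The result is cached for the request.
     *
     * @return string Prefix without trailing slash; '' when served from the root.
     */
    private static function basePath(): string
    {
        static $base = null;
        if ($base !== null) {
            return $base;
        }

        $configured = getenv('CYNE_BASE_PATH');
        if ($configured === false || $configured === null || $configured === '') {
            $configured = '';
            $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : false;
            $projectRoot = realpath(__DIR__ . '/..');

            if ($docRoot && $projectRoot) {
                $doc = rtrim(str_replace('\\', '/', $docRoot), '/');
                $project = rtrim(str_replace('\\', '/', $projectRoot), '/');

                // Compare whole path segments. A bare string-prefix test would treat
                // /var/www2/app as living under /var/www and emit a bogus prefix.
                if (strpos($project . '/', $doc . '/') === 0) {
                    $relative = (string)substr($project, strlen($doc));
                    $configured = $relative === '' ? '' : '/' . ltrim($relative, '/');
                }
            }
        }

        $base = rtrim((string)$configured, '/');

        return $base;
    }

    /**
     * Send a Location header for $path under the base path and stop the request.
     *
     * @param string $path Application-relative target beginning with '/'.
     */
    private static function redirect(string $path): void
    {
        $base = self::basePath();
        header('Location: ' . ($base ? $base . $path : $path));
        exit;
    }

    /**
     * Start the session if none is active.
     *
     * The session cookie is hidden from scripts (HttpOnly) and uninitialised
     * session IDs supplied by the client are rejected (strict mode), which
     * narrows session theft via XSS and session fixation. The Secure flag is
     * added only when the request itself arrived over HTTPS, so a stricter
     * php.ini value is never downgraded. SameSite is left to php.ini because
     * the cross-site flows of this application are not visible from this file.
     */
    public static function start(): void
    {
        if (session_status() !== PHP_SESSION_NONE) {
            return;
        }

        $options = [
            'use_strict_mode' => true,
            'cookie_httponly' => true,
        ];

        $https = $_SERVER['HTTPS'] ?? '';
        if ($https !== '' && strtolower((string)$https) !== 'off') {
            $options['cookie_secure'] = true;
        }

        session_start($options);
    }

    /**
     * Rotate the session ID when it has never been rotated or the last rotation
     * is older than REGENERATE_INTERVAL seconds; the old session is deleted.
     *
     * NOTE(review): this is time-based only. Rotation at the moment of login
     * has to happen where user_id / client_id are written; confirm in the caller.
     */
    public static function regenerateIfNeeded(): void
    {
        self::start();

        $lastRegenerated = $_SESSION['_session_regenerated'] ?? 0;
        if (!$lastRegenerated || (time() - $lastRegenerated) > self::REGENERATE_INTERVAL) {
            session_regenerate_id(true);
            $_SESSION['_session_regenerated'] = time();
        }
    }

    /**
     * @return bool True when the session carries a user_id or a client_id.
     */
    public static function isAuthenticated(): bool
    {
        self::start();

        return isset($_SESSION['user_id']) || isset($_SESSION['client_id']);
    }

    /**
     * Gate the current request.
     *
     * - No user_id and no client_id: redirect to login.php and exit.
     * - $roles given but the session belongs to a client: redirect to the
     *   client panel and exit.
     * - $roles given and the user's role is missing or not listed (strict
     *   comparison): respond 403 with an empty body and exit.
     *
     * @param array $roles Allowed values of $_SESSION['user_rol']; empty means
     *                     any authenticated user or client may pass.
     */
    public static function requireAuthenticated(array $roles = []): void
    {
        self::start();

        $isUser = isset($_SESSION['user_id']);
        $isClient = isset($_SESSION['client_id']);

        if (!$isUser && !$isClient) {
            self::redirect('/login.php');
        }

        if (!$roles) {
            return;
        }

        if (!$isUser) {
            self::redirect('/router.php?action=clientPanel');
        }

        $userRole = $_SESSION['user_rol'] ?? null;
        if (!$userRole || !in_array($userRole, $roles, true)) {
            http_response_code(403);
            exit;
        }
    }

    /**
     * Queue a flash message for the next getFlash() call.
     *
     * The message is stored verbatim; escaping for the output context is the
     * responsibility of whatever renders it.
     */
    public static function setFlash(string $type, string $message): void
    {
        self::start();
        $_SESSION[self::FLASH_KEY][$type][] = $message;
    }

    /**
     * Return all queued flash messages and clear them from the session.
     *
     * @return array Messages grouped by type, e.g. ['error' => ['...']].
     */
    public static function getFlash(): array
    {
        self::start();

        $messages = $_SESSION[self::FLASH_KEY] ?? [];
        unset($_SESSION[self::FLASH_KEY]);

        // A non-array value here would violate the declared return type.
        return is_array($messages) ? $messages : [];
    }

    /**
     * Return the session's CSRF token, minting a new one when none exists or
     * the current one is older than CSRF_TTL seconds.
     *
     * @return string 64 hexadecimal characters (32 random bytes).
     */
    public static function generateCsrfToken(): string
    {
        self::start();

        $existingToken = $_SESSION[self::CSRF_KEY] ?? null;
        $timestamp = $_SESSION[self::CSRF_TIME_KEY] ?? 0;
        if ($existingToken && (time() - $timestamp) <= self::CSRF_TTL) {
            return $existingToken;
        }

        $token = bin2hex(random_bytes(32));
        $_SESSION[self::CSRF_KEY] = $token;
        $_SESSION[self::CSRF_TIME_KEY] = time();

        return $token;
    }

    /**
     * Check a submitted CSRF token against the one stored in the session.
     *
     * @param string|null $token Token taken from the request.
     * @param int         $ttl   Maximum accepted token age in seconds.
     *
     * @return bool True only when a token is stored, it matches (compared in
     *              constant time) and it is not older than $ttl.
     */
    public static function validateCsrfToken(?string $token, int $ttl = self::CSRF_TTL): bool
    {
        self::start();

        if (!$token) {
            return false;
        }

        // Never compare against a missing or malformed stored value.
        $stored = $_SESSION[self::CSRF_KEY] ?? null;
        if (!is_string($stored) || $stored === '') {
            return false;
        }

        $issuedAt = (int)($_SESSION[self::CSRF_TIME_KEY] ?? 0);

        return hash_equals($stored, $token) && (time() - $issuedAt) <= $ttl;
    }
}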